From d120743e8bee74bbb6381a6ec017d7fa62b3f13e Mon Sep 17 00:00:00 2001 From: Rob Sargant Date: Mon, 14 Nov 2022 09:30:01 +0000 Subject: [feature] add instance-expose-public-timeline flag (#1039) * Add instance-expose-public-timeline flag Adds a config flag that allows unauthenticated access to /api/v1/timelines/public. Defaults to false to replicate existing behaviour. * Update structure following review * Add comment * Fix linting --- internal/api/client/timeline/public.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'internal/api/client/timeline/public.go') diff --git a/internal/api/client/timeline/public.go b/internal/api/client/timeline/public.go index 673c20a99..a2e1faf59 100644 --- a/internal/api/client/timeline/public.go +++ b/internal/api/client/timeline/public.go @@ -25,6 +25,7 @@ import ( "github.com/gin-gonic/gin" "github.com/superseriousbusiness/gotosocial/internal/api" + "github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/oauth" ) @@ -110,7 +111,17 @@ import ( // '400': // description: bad request func (m *Module) PublicTimelineGETHandler(c *gin.Context) { - authed, err := oauth.Authed(c, true, true, true, true) + var authed *oauth.Auth + var err error + + if config.GetInstanceExposePublicTimeline() { + // If the public timeline is allowed to be exposed, still check if we + // can extract various authentication properties, but don't require them. + authed, err = oauth.Authed(c, false, false, false, false) + } else { + authed, err = oauth.Authed(c, true, true, true, true) + } + if err != nil { api.ErrorHandler(c, gtserror.NewErrorUnauthorized(err, err.Error()), m.processor.InstanceGet) return -- cgit v1.2.3